Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.5
Type maven
Namespace org.apache.jspwiki
Name jspwiki-war
Version 2.10.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.12.0
Latest_non_vulnerable_version 2.12.0
Affected_by_vulnerabilities
0
url VCID-1ezw-t63q-zkgc
vulnerability_id VCID-1ezw-t63q-zkgc
summary
Incorrect Default Permissions
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44140
reference_id
reference_type
scores
0
value 0.05872
scoring_system epss
scoring_elements 0.90745
published_at 2026-06-07T12:55:00Z
1
value 0.05872
scoring_system epss
scoring_elements 0.90742
published_at 2026-06-08T12:55:00Z
2
value 0.05872
scoring_system epss
scoring_elements 0.90735
published_at 2026-06-04T12:55:00Z
3
value 0.05872
scoring_system epss
scoring_elements 0.90747
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44140
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140
3
reference_url https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44140
reference_id CVE-2021-44140
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44140
5
reference_url https://github.com/advisories/GHSA-8gw6-w5rw-4g5c
reference_id GHSA-8gw6-w5rw-4g5c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gw6-w5rw-4g5c
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yhp-dhfd-rbc1
1
vulnerability VCID-8zp9-vxtq-t7ea
2
vulnerability VCID-evzk-asdk-sfat
3
vulnerability VCID-hyw7-4dt5-pyh2
4
vulnerability VCID-kt96-ftgy-aqh2
5
vulnerability VCID-mhec-w5wd-8fe6
6
vulnerability VCID-n6t2-yvd1-wkg1
7
vulnerability VCID-r8n2-f2bj-fud3
8
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
aliases CVE-2021-44140, GHSA-8gw6-w5rw-4g5c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ezw-t63q-zkgc
1
url VCID-27hx-m6sg-xugx
vulnerability_id VCID-27hx-m6sg-xugx
summary
Cross-site Scripting
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki which could lead to session hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20242
reference_id
reference_type
scores
0
value 0.01321
scoring_system epss
scoring_elements 0.80219
published_at 2026-06-04T12:55:00Z
1
value 0.01321
scoring_system epss
scoring_elements 0.80235
published_at 2026-06-08T12:55:00Z
2
value 0.01321
scoring_system epss
scoring_elements 0.80242
published_at 2026-06-07T12:55:00Z
3
value 0.01321
scoring_system epss
scoring_elements 0.80246
published_at 2026-06-06T12:55:00Z
4
value 0.01321
scoring_system epss
scoring_elements 0.80243
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20242
1
reference_url https://github.com/advisories/GHSA-5q75-cxcq-wr26
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5q75-cxcq-wr26
2
reference_url https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/106804
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106804
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20242
reference_id CVE-2018-20242
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20242
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-7ckf-bdvx-qkh9
3
vulnerability VCID-8zp9-vxtq-t7ea
4
vulnerability VCID-br13-gj7e-fudc
5
vulnerability VCID-evzk-asdk-sfat
6
vulnerability VCID-hu3x-x6ze-8ya7
7
vulnerability VCID-hyw7-4dt5-pyh2
8
vulnerability VCID-kt96-ftgy-aqh2
9
vulnerability VCID-mhec-w5wd-8fe6
10
vulnerability VCID-n6t2-yvd1-wkg1
11
vulnerability VCID-ng2g-et6p-nfgh
12
vulnerability VCID-qgwr-kdx8-83f3
13
vulnerability VCID-r8n2-f2bj-fud3
14
vulnerability VCID-s4g3-2p5v-v3dn
15
vulnerability VCID-t9b5-u2z3-gfc7
16
vulnerability VCID-u3f1-j3gz-m7cf
17
vulnerability VCID-v4jt-qkhw-pqbg
18
vulnerability VCID-y2nn-5x4r-pygx
19
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1
aliases CVE-2018-20242, GHSA-5q75-cxcq-wr26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27hx-m6sg-xugx
2
url VCID-4yhp-dhfd-rbc1
vulnerability_id VCID-4yhp-dhfd-rbc1
summary
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28731
reference_id
reference_type
scores
0
value 0.15456
scoring_system epss
scoring_elements 0.94784
published_at 2026-06-04T12:55:00Z
1
value 0.15456
scoring_system epss
scoring_elements 0.94795
published_at 2026-06-08T12:55:00Z
2
value 0.15456
scoring_system epss
scoring_elements 0.94794
published_at 2026-06-06T12:55:00Z
3
value 0.15456
scoring_system epss
scoring_elements 0.94793
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28731
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28731
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28731
4
reference_url https://github.com/advisories/GHSA-9x9j-vrhj-v364
reference_id GHSA-9x9j-vrhj-v364
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9x9j-vrhj-v364
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mhec-w5wd-8fe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
aliases CVE-2022-28731, GHSA-9x9j-vrhj-v364
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yhp-dhfd-rbc1
3
url VCID-7ckf-bdvx-qkh9
vulnerability_id VCID-7ckf-bdvx-qkh9
summary
Cross-site Scripting
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki which could lead to session hijacking. Initial reporting indicated `ReferredPagesPlugin`, but further analysis showed that multiple plugins were vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10078
reference_id
reference_type
scores
0
value 0.0305
scoring_system epss
scoring_elements 0.86965
published_at 2026-06-05T12:55:00Z
1
value 0.0305
scoring_system epss
scoring_elements 0.86948
published_at 2026-06-08T12:55:00Z
2
value 0.0305
scoring_system epss
scoring_elements 0.86957
published_at 2026-06-07T12:55:00Z
3
value 0.0305
scoring_system epss
scoring_elements 0.86962
published_at 2026-06-06T12:55:00Z
4
value 0.0305
scoring_system epss
scoring_elements 0.86942
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10078
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
reference_id CVE-2019-10078
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
3
reference_url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
reference_id GHSA-hp5r-mhgp-56c9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hu3x-x6ze-8ya7
6
vulnerability VCID-hyw7-4dt5-pyh2
7
vulnerability VCID-kt96-ftgy-aqh2
8
vulnerability VCID-mhec-w5wd-8fe6
9
vulnerability VCID-n6t2-yvd1-wkg1
10
vulnerability VCID-ng2g-et6p-nfgh
11
vulnerability VCID-r8n2-f2bj-fud3
12
vulnerability VCID-t9b5-u2z3-gfc7
13
vulnerability VCID-u3f1-j3gz-m7cf
14
vulnerability VCID-y2nn-5x4r-pygx
15
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
aliases CVE-2019-10078, GHSA-hp5r-mhgp-56c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ckf-bdvx-qkh9
4
url VCID-8zp9-vxtq-t7ea
vulnerability_id VCID-8zp9-vxtq-t7ea
summary
Apache JSPWiki XSS due to crafted request in WeblogPlugin
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28732
reference_id
reference_type
scores
0
value 0.08595
scoring_system epss
scoring_elements 0.92565
published_at 2026-06-08T12:55:00Z
1
value 0.08595
scoring_system epss
scoring_elements 0.92563
published_at 2026-06-04T12:55:00Z
2
value 0.08595
scoring_system epss
scoring_elements 0.92575
published_at 2026-06-05T12:55:00Z
3
value 0.08595
scoring_system epss
scoring_elements 0.92571
published_at 2026-06-06T12:55:00Z
4
value 0.08595
scoring_system epss
scoring_elements 0.92566
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28732
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28732
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28732
4
reference_url https://github.com/advisories/GHSA-hph8-29xw-qfxx
reference_id GHSA-hph8-29xw-qfxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hph8-29xw-qfxx
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mhec-w5wd-8fe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
aliases CVE-2022-28732, GHSA-hph8-29xw-qfxx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zp9-vxtq-t7ea
5
url VCID-br13-gj7e-fudc
vulnerability_id VCID-br13-gj7e-fudc
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and retrieve sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40369
reference_id
reference_type
scores
0
value 0.02915
scoring_system epss
scoring_elements 0.86662
published_at 2026-06-07T12:55:00Z
1
value 0.02915
scoring_system epss
scoring_elements 0.86666
published_at 2026-06-06T12:55:00Z
2
value 0.02915
scoring_system epss
scoring_elements 0.86667
published_at 2026-06-05T12:55:00Z
3
value 0.02915
scoring_system epss
scoring_elements 0.86652
published_at 2026-06-08T12:55:00Z
4
value 0.02915
scoring_system epss
scoring_elements 0.86644
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40369
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
3
reference_url https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
4
reference_url http://www.openwall.com/lists/oss-security/2022/08/03/3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/08/03/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40369
reference_id CVE-2021-40369
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40369
6
reference_url https://github.com/advisories/GHSA-cfqj-9g2g-w7q6
reference_id GHSA-cfqj-9g2g-w7q6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfqj-9g2g-w7q6
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yhp-dhfd-rbc1
1
vulnerability VCID-8zp9-vxtq-t7ea
2
vulnerability VCID-evzk-asdk-sfat
3
vulnerability VCID-hyw7-4dt5-pyh2
4
vulnerability VCID-kt96-ftgy-aqh2
5
vulnerability VCID-mhec-w5wd-8fe6
6
vulnerability VCID-n6t2-yvd1-wkg1
7
vulnerability VCID-r8n2-f2bj-fud3
8
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
aliases CVE-2021-40369, GHSA-cfqj-9g2g-w7q6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br13-gj7e-fudc
6
url VCID-evzk-asdk-sfat
vulnerability_id VCID-evzk-asdk-sfat
summary
Cross-Site Request Forgery (CSRF)
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24947
reference_id
reference_type
scores
0
value 0.01846
scoring_system epss
scoring_elements 0.83341
published_at 2026-06-08T12:55:00Z
1
value 0.01846
scoring_system epss
scoring_elements 0.83325
published_at 2026-06-04T12:55:00Z
2
value 0.01846
scoring_system epss
scoring_elements 0.83351
published_at 2026-06-05T12:55:00Z
3
value 0.01846
scoring_system epss
scoring_elements 0.83353
published_at 2026-06-06T12:55:00Z
4
value 0.01846
scoring_system epss
scoring_elements 0.83349
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24947
1
reference_url https://lists.apache.org/thread/txrgykjkpt80t57kzpbjo8kfrv8ss02c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/txrgykjkpt80t57kzpbjo8kfrv8ss02c
2
reference_url http://www.openwall.com/lists/oss-security/2022/02/25/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/25/1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24947
reference_id CVE-2022-24947
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24947
4
reference_url https://github.com/advisories/GHSA-4284-x26r-4hhc
reference_id GHSA-4284-x26r-4hhc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4284-x26r-4hhc
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yhp-dhfd-rbc1
1
vulnerability VCID-8zp9-vxtq-t7ea
2
vulnerability VCID-hyw7-4dt5-pyh2
3
vulnerability VCID-mhec-w5wd-8fe6
4
vulnerability VCID-n6t2-yvd1-wkg1
5
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
aliases CVE-2022-24947, GHSA-4284-x26r-4hhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evzk-asdk-sfat
7
url VCID-hu3x-x6ze-8ya7
vulnerability_id VCID-hu3x-x6ze-8ya7
summary Carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10090
reference_id
reference_type
scores
0
value 0.04374
scoring_system epss
scoring_elements 0.89172
published_at 2026-06-08T12:55:00Z
1
value 0.04374
scoring_system epss
scoring_elements 0.89154
published_at 2026-06-04T12:55:00Z
2
value 0.04374
scoring_system epss
scoring_elements 0.89171
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10090
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10090
reference_id CVE-2019-10090
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10090
3
reference_url https://github.com/advisories/GHSA-g6ww-2x43-h963
reference_id GHSA-g6ww-2x43-h963
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6ww-2x43-h963
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hyw7-4dt5-pyh2
6
vulnerability VCID-kt96-ftgy-aqh2
7
vulnerability VCID-mhec-w5wd-8fe6
8
vulnerability VCID-n6t2-yvd1-wkg1
9
vulnerability VCID-r8n2-f2bj-fud3
10
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
aliases CVE-2019-10090, GHSA-g6ww-2x43-h963
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu3x-x6ze-8ya7
8
url VCID-hyw7-4dt5-pyh2
vulnerability_id VCID-hyw7-4dt5-pyh2
summary
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34158
reference_id
reference_type
scores
0
value 0.01087
scoring_system epss
scoring_elements 0.78266
published_at 2026-06-08T12:55:00Z
1
value 0.01087
scoring_system epss
scoring_elements 0.78255
published_at 2026-06-04T12:55:00Z
2
value 0.01087
scoring_system epss
scoring_elements 0.78281
published_at 2026-06-05T12:55:00Z
3
value 0.01087
scoring_system epss
scoring_elements 0.78288
published_at 2026-06-06T12:55:00Z
4
value 0.01087
scoring_system epss
scoring_elements 0.78278
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34158
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34158
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34158
4
reference_url https://github.com/advisories/GHSA-jp3m-p26h-mm7v
reference_id GHSA-jp3m-p26h-mm7v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp3m-p26h-mm7v
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mhec-w5wd-8fe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
aliases CVE-2022-34158, GHSA-jp3m-p26h-mm7v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyw7-4dt5-pyh2
9
url VCID-kt96-ftgy-aqh2
vulnerability_id VCID-kt96-ftgy-aqh2
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24948
reference_id
reference_type
scores
0
value 0.04453
scoring_system epss
scoring_elements 0.89254
published_at 2026-06-04T12:55:00Z
1
value 0.04453
scoring_system epss
scoring_elements 0.89273
published_at 2026-06-06T12:55:00Z
2
value 0.04453
scoring_system epss
scoring_elements 0.89272
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24948
1
reference_url https://lists.apache.org/thread/86p0yzopc4mw2h5bkwpt927b2c8tfq3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/86p0yzopc4mw2h5bkwpt927b2c8tfq3b
2
reference_url http://www.openwall.com/lists/oss-security/2022/02/25/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/25/2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24948
reference_id CVE-2022-24948
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24948
4
reference_url https://github.com/advisories/GHSA-9953-fmrw-v4vm
reference_id GHSA-9953-fmrw-v4vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9953-fmrw-v4vm
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yhp-dhfd-rbc1
1
vulnerability VCID-8zp9-vxtq-t7ea
2
vulnerability VCID-hyw7-4dt5-pyh2
3
vulnerability VCID-mhec-w5wd-8fe6
4
vulnerability VCID-n6t2-yvd1-wkg1
5
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.2
aliases CVE-2022-24948, GHSA-9953-fmrw-v4vm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt96-ftgy-aqh2
10
url VCID-mhec-w5wd-8fe6
vulnerability_id VCID-mhec-w5wd-8fe6
summary
Apache JSPWiki vulnerable to cross-site scripting on several plugins
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46907
reference_id
reference_type
scores
0
value 0.02199
scoring_system epss
scoring_elements 0.84722
published_at 2026-06-04T12:55:00Z
1
value 0.03318
scoring_system epss
scoring_elements 0.8751
published_at 2026-06-07T12:55:00Z
2
value 0.03318
scoring_system epss
scoring_elements 0.87512
published_at 2026-06-06T12:55:00Z
3
value 0.03318
scoring_system epss
scoring_elements 0.87513
published_at 2026-06-05T12:55:00Z
4
value 0.04413
scoring_system epss
scoring_elements 0.89223
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46907
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://github.com/apache/jspwiki/blob/37bf55373ed5a739a388a720163cf51d1104537f/ChangeLog.md?plain=1#L112
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/blob/37bf55373ed5a739a388a720163cf51d1104537f/ChangeLog.md?plain=1#L112
3
reference_url https://github.com/apache/jspwiki/commit/0b9a0149032170063f22d65e335dfd317db815ea
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/0b9a0149032170063f22d65e335dfd317db815ea
4
reference_url https://github.com/apache/jspwiki/commit/46e1ef7a595ca5cabf5ef184139910413f2024fc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/46e1ef7a595ca5cabf5ef184139910413f2024fc
5
reference_url https://github.com/apache/jspwiki/commit/484c6a133e397693991b7c9a9b62ef3ca48ce707
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/484c6a133e397693991b7c9a9b62ef3ca48ce707
6
reference_url https://github.com/apache/jspwiki/commit/75019d337f1d0033b1f65428e75f43baeffd99dd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/75019d337f1d0033b1f65428e75f43baeffd99dd
7
reference_url https://github.com/apache/jspwiki/commit/82be08904a6d8bd22fa2d4e5a7e85f43408724d3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/82be08904a6d8bd22fa2d4e5a7e85f43408724d3
8
reference_url https://github.com/apache/jspwiki/commit/9d6dbf911d52d724297e4e46c4b80649fb028ff9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/9d6dbf911d52d724297e4e46c4b80649fb028ff9
9
reference_url https://github.com/apache/jspwiki/commit/df20770f251a8d7431047e556b144ef24ee6a3a7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki/commit/df20770f251a8d7431047e556b144ef24ee6a3a7
10
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-46907
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-46907
11
reference_url https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:56:09Z/
url https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
12
reference_url http://www.openwall.com/lists/oss-security/2023/05/25/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T19:56:09Z/
url http://www.openwall.com/lists/oss-security/2023/05/25/1
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46907
reference_id CVE-2022-46907
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46907
14
reference_url https://github.com/advisories/GHSA-qvq8-cw7f-m7m4
reference_id GHSA-qvq8-cw7f-m7m4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvq8-cw7f-m7m4
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.12.0
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.12.0
aliases CVE-2022-46907, GHSA-qvq8-cw7f-m7m4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhec-w5wd-8fe6
11
url VCID-n6t2-yvd1-wkg1
vulnerability_id VCID-n6t2-yvd1-wkg1
summary
Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28730
reference_id
reference_type
scores
0
value 0.11342
scoring_system epss
scoring_elements 0.93683
published_at 2026-06-04T12:55:00Z
1
value 0.11342
scoring_system epss
scoring_elements 0.93691
published_at 2026-06-08T12:55:00Z
2
value 0.11342
scoring_system epss
scoring_elements 0.93692
published_at 2026-06-07T12:55:00Z
3
value 0.11342
scoring_system epss
scoring_elements 0.93693
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28730
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28730
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28730
4
reference_url https://github.com/advisories/GHSA-ggjq-8c4c-68r5
reference_id GHSA-ggjq-8c4c-68r5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggjq-8c4c-68r5
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mhec-w5wd-8fe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
aliases CVE-2022-28730, GHSA-ggjq-8c4c-68r5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6t2-yvd1-wkg1
12
url VCID-ng2g-et6p-nfgh
vulnerability_id VCID-ng2g-et6p-nfgh
summary Carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to `InfoContent.jsp`, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12404
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89231
published_at 2026-06-08T12:55:00Z
1
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
2
value 0.04421
scoring_system epss
scoring_elements 0.8923
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12404
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12404
reference_id CVE-2019-12404
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12404
3
reference_url https://github.com/advisories/GHSA-7qmg-qg53-mrp8
reference_id GHSA-7qmg-qg53-mrp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qmg-qg53-mrp8
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hyw7-4dt5-pyh2
6
vulnerability VCID-kt96-ftgy-aqh2
7
vulnerability VCID-mhec-w5wd-8fe6
8
vulnerability VCID-n6t2-yvd1-wkg1
9
vulnerability VCID-r8n2-f2bj-fud3
10
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
aliases CVE-2019-12404, GHSA-7qmg-qg53-mrp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ng2g-et6p-nfgh
13
url VCID-qgwr-kdx8-83f3
vulnerability_id VCID-qgwr-kdx8-83f3
summary
Path Traversal
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki which could be used by an attacker to obtain registered users' details.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0225
reference_id
reference_type
scores
0
value 0.03398
scoring_system epss
scoring_elements 0.87653
published_at 2026-06-06T12:55:00Z
1
value 0.03398
scoring_system epss
scoring_elements 0.87652
published_at 2026-06-08T12:55:00Z
2
value 0.03398
scoring_system epss
scoring_elements 0.87629
published_at 2026-06-04T12:55:00Z
3
value 0.03398
scoring_system epss
scoring_elements 0.87651
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0225
1
reference_url https://github.com/advisories/GHSA-pffw-p2q5-w6vh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pffw-p2q5-w6vh
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
3
reference_url https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
8
reference_url http://www.openwall.com/lists/oss-security/2019/03/26/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/03/26/2
9
reference_url http://www.securityfocus.com/bid/107627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107627
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0225
reference_id CVE-2019-0225
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0225
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-7ckf-bdvx-qkh9
3
vulnerability VCID-8zp9-vxtq-t7ea
4
vulnerability VCID-br13-gj7e-fudc
5
vulnerability VCID-evzk-asdk-sfat
6
vulnerability VCID-hu3x-x6ze-8ya7
7
vulnerability VCID-hyw7-4dt5-pyh2
8
vulnerability VCID-kt96-ftgy-aqh2
9
vulnerability VCID-mhec-w5wd-8fe6
10
vulnerability VCID-n6t2-yvd1-wkg1
11
vulnerability VCID-ng2g-et6p-nfgh
12
vulnerability VCID-r8n2-f2bj-fud3
13
vulnerability VCID-s4g3-2p5v-v3dn
14
vulnerability VCID-t9b5-u2z3-gfc7
15
vulnerability VCID-u3f1-j3gz-m7cf
16
vulnerability VCID-y2nn-5x4r-pygx
17
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
aliases CVE-2019-0225, GHSA-pffw-p2q5-w6vh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgwr-kdx8-83f3
14
url VCID-r8n2-f2bj-fud3
vulnerability_id VCID-r8n2-f2bj-fud3
summary
Cross-site Scripting
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10076
reference_id
reference_type
scores
0
value 0.03049
scoring_system epss
scoring_elements 0.86963
published_at 2026-06-05T12:55:00Z
1
value 0.03049
scoring_system epss
scoring_elements 0.86946
published_at 2026-06-08T12:55:00Z
2
value 0.03049
scoring_system epss
scoring_elements 0.86955
published_at 2026-06-07T12:55:00Z
3
value 0.03049
scoring_system epss
scoring_elements 0.8696
published_at 2026-06-06T12:55:00Z
4
value 0.03049
scoring_system epss
scoring_elements 0.8694
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10076
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
2
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
3
reference_url http://www.openwall.com/lists/oss-security/2019/05/19/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/05/19/4
4
reference_url http://www.securityfocus.com/bid/108437
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108437
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
reference_id CVE-2019-10076
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
6
reference_url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
reference_id GHSA-cxx2-fp39-rf3r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hu3x-x6ze-8ya7
6
vulnerability VCID-hyw7-4dt5-pyh2
7
vulnerability VCID-kt96-ftgy-aqh2
8
vulnerability VCID-mhec-w5wd-8fe6
9
vulnerability VCID-n6t2-yvd1-wkg1
10
vulnerability VCID-ng2g-et6p-nfgh
11
vulnerability VCID-r8n2-f2bj-fud3
12
vulnerability VCID-t9b5-u2z3-gfc7
13
vulnerability VCID-u3f1-j3gz-m7cf
14
vulnerability VCID-y2nn-5x4r-pygx
15
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
1
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.1
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yhp-dhfd-rbc1
1
vulnerability VCID-8zp9-vxtq-t7ea
2
vulnerability VCID-evzk-asdk-sfat
3
vulnerability VCID-hyw7-4dt5-pyh2
4
vulnerability VCID-kt96-ftgy-aqh2
5
vulnerability VCID-mhec-w5wd-8fe6
6
vulnerability VCID-n6t2-yvd1-wkg1
7
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.1
aliases CVE-2019-10076, GHSA-cxx2-fp39-rf3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8n2-f2bj-fud3
15
url VCID-s4g3-2p5v-v3dn
vulnerability_id VCID-s4g3-2p5v-v3dn
summary
Cross-site Scripting
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10077
reference_id
reference_type
scores
0
value 0.03016
scoring_system epss
scoring_elements 0.86881
published_at 2026-06-05T12:55:00Z
1
value 0.03016
scoring_system epss
scoring_elements 0.86865
published_at 2026-06-08T12:55:00Z
2
value 0.03016
scoring_system epss
scoring_elements 0.86875
published_at 2026-06-07T12:55:00Z
3
value 0.03016
scoring_system epss
scoring_elements 0.86878
published_at 2026-06-06T12:55:00Z
4
value 0.03016
scoring_system epss
scoring_elements 0.86858
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10077
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
reference_id CVE-2019-10077
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
3
reference_url https://github.com/advisories/GHSA-cj6j-32rg-45r2
reference_id GHSA-cj6j-32rg-45r2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj6j-32rg-45r2
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hu3x-x6ze-8ya7
6
vulnerability VCID-hyw7-4dt5-pyh2
7
vulnerability VCID-kt96-ftgy-aqh2
8
vulnerability VCID-mhec-w5wd-8fe6
9
vulnerability VCID-n6t2-yvd1-wkg1
10
vulnerability VCID-ng2g-et6p-nfgh
11
vulnerability VCID-r8n2-f2bj-fud3
12
vulnerability VCID-t9b5-u2z3-gfc7
13
vulnerability VCID-u3f1-j3gz-m7cf
14
vulnerability VCID-y2nn-5x4r-pygx
15
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
aliases CVE-2019-10077, GHSA-cj6j-32rg-45r2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4g3-2p5v-v3dn
16
url VCID-t9b5-u2z3-gfc7
vulnerability_id VCID-t9b5-u2z3-gfc7
summary
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Version 2.11.3 contains a fix for the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27166
reference_id
reference_type
scores
0
value 0.17527
scoring_system epss
scoring_elements 0.95216
published_at 2026-06-08T12:55:00Z
1
value 0.17527
scoring_system epss
scoring_elements 0.95206
published_at 2026-06-04T12:55:00Z
2
value 0.17527
scoring_system epss
scoring_elements 0.95213
published_at 2026-06-05T12:55:00Z
3
value 0.17527
scoring_system epss
scoring_elements 0.95215
published_at 2026-06-06T12:55:00Z
4
value 0.17527
scoring_system epss
scoring_elements 0.95217
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27166
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27166
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27166
4
reference_url https://github.com/advisories/GHSA-2fxf-qj94-3f83
reference_id GHSA-2fxf-qj94-3f83
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2fxf-qj94-3f83
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mhec-w5wd-8fe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.3
aliases CVE-2022-27166, GHSA-2fxf-qj94-3f83
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9b5-u2z3-gfc7
17
url VCID-u3f1-j3gz-m7cf
vulnerability_id VCID-u3f1-j3gz-m7cf
summary
Cross-site Scripting
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10087
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89231
published_at 2026-06-08T12:55:00Z
1
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
2
value 0.04421
scoring_system epss
scoring_elements 0.8923
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10087
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10087
reference_id CVE-2019-10087
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10087
3
reference_url https://github.com/advisories/GHSA-gwfq-qwmp-x9xg
reference_id GHSA-gwfq-qwmp-x9xg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwfq-qwmp-x9xg
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hyw7-4dt5-pyh2
6
vulnerability VCID-kt96-ftgy-aqh2
7
vulnerability VCID-mhec-w5wd-8fe6
8
vulnerability VCID-n6t2-yvd1-wkg1
9
vulnerability VCID-r8n2-f2bj-fud3
10
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
aliases CVE-2019-10087, GHSA-gwfq-qwmp-x9xg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3f1-j3gz-m7cf
18
url VCID-v4jt-qkhw-pqbg
vulnerability_id VCID-v4jt-qkhw-pqbg
summary
Cross-site Scripting
In Apache JSPWiki, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0224
reference_id
reference_type
scores
0
value 0.02408
scoring_system epss
scoring_elements 0.85393
published_at 2026-06-07T12:55:00Z
1
value 0.02408
scoring_system epss
scoring_elements 0.85379
published_at 2026-06-08T12:55:00Z
2
value 0.02408
scoring_system epss
scoring_elements 0.8537
published_at 2026-06-04T12:55:00Z
3
value 0.02408
scoring_system epss
scoring_elements 0.85394
published_at 2026-06-05T12:55:00Z
4
value 0.02408
scoring_system epss
scoring_elements 0.85399
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0224
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
2
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/107631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107631
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
reference_id CVE-2019-0224
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
7
reference_url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
reference_id GHSA-fmpq-w5q6-9vf9
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-7ckf-bdvx-qkh9
3
vulnerability VCID-8zp9-vxtq-t7ea
4
vulnerability VCID-br13-gj7e-fudc
5
vulnerability VCID-evzk-asdk-sfat
6
vulnerability VCID-hu3x-x6ze-8ya7
7
vulnerability VCID-hyw7-4dt5-pyh2
8
vulnerability VCID-kt96-ftgy-aqh2
9
vulnerability VCID-mhec-w5wd-8fe6
10
vulnerability VCID-n6t2-yvd1-wkg1
11
vulnerability VCID-ng2g-et6p-nfgh
12
vulnerability VCID-r8n2-f2bj-fud3
13
vulnerability VCID-s4g3-2p5v-v3dn
14
vulnerability VCID-t9b5-u2z3-gfc7
15
vulnerability VCID-u3f1-j3gz-m7cf
16
vulnerability VCID-y2nn-5x4r-pygx
17
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
aliases CVE-2019-0224, GHSA-fmpq-w5q6-9vf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4jt-qkhw-pqbg
19
url VCID-y2nn-5x4r-pygx
vulnerability_id VCID-y2nn-5x4r-pygx
summary A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10089
reference_id
reference_type
scores
0
value 0.04374
scoring_system epss
scoring_elements 0.89172
published_at 2026-06-08T12:55:00Z
1
value 0.04374
scoring_system epss
scoring_elements 0.89154
published_at 2026-06-04T12:55:00Z
2
value 0.04374
scoring_system epss
scoring_elements 0.89171
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10089
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10089
reference_id CVE-2019-10089
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10089
3
reference_url https://github.com/advisories/GHSA-3rx2-x6mx-grj3
reference_id GHSA-3rx2-x6mx-grj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rx2-x6mx-grj3
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hyw7-4dt5-pyh2
6
vulnerability VCID-kt96-ftgy-aqh2
7
vulnerability VCID-mhec-w5wd-8fe6
8
vulnerability VCID-n6t2-yvd1-wkg1
9
vulnerability VCID-r8n2-f2bj-fud3
10
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
aliases CVE-2019-10089, GHSA-3rx2-x6mx-grj3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2nn-5x4r-pygx
20
url VCID-y618-1jjp-b7gz
vulnerability_id VCID-y618-1jjp-b7gz
summary
Cross-site Scripting
On Apache JSPWiki, a carefully crafted plugin link invocation could trigger an XSS vulnerability related to the remember parameter on some of the JSPs, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12407
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
1
value 0.04421
scoring_system epss
scoring_elements 0.89231
published_at 2026-06-08T12:55:00Z
2
value 0.04421
scoring_system epss
scoring_elements 0.8923
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12407
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12407
reference_id CVE-2019-12407
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12407
4
reference_url https://github.com/advisories/GHSA-p2r4-rpj8-m2p9
reference_id GHSA-p2r4-rpj8-m2p9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2r4-rpj8-m2p9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ezw-t63q-zkgc
1
vulnerability VCID-4yhp-dhfd-rbc1
2
vulnerability VCID-8zp9-vxtq-t7ea
3
vulnerability VCID-br13-gj7e-fudc
4
vulnerability VCID-evzk-asdk-sfat
5
vulnerability VCID-hyw7-4dt5-pyh2
6
vulnerability VCID-kt96-ftgy-aqh2
7
vulnerability VCID-mhec-w5wd-8fe6
8
vulnerability VCID-n6t2-yvd1-wkg1
9
vulnerability VCID-r8n2-f2bj-fud3
10
vulnerability VCID-t9b5-u2z3-gfc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M5
aliases CVE-2019-12407, GHSA-p2r4-rpj8-m2p9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y618-1jjp-b7gz
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.5